One company, F-Secure, is sourcing its security applications through wireless carriers in an effort to stake a claim in the mobile device space. The Finland-based security vendor has signed deals with a range of leading European mobile operators, including Vodafone, T-Mobile, and Orange, to make its security tools -- which include anti-virus applications, firewalls, and encryption technologies -- available under the carriers' SLAs. F-Secure is looking to extend this practice in the United States in the near future.

According to F-Secure officials, bundling security into wireless contracts and allowing operators to offer additional device defense services will prevent enterprises from having to deal directly with a wide array of vendors, thereby securing mobile initiatives in a more cost-effective manner. Moreover, with security part of the package, end-users will also be more likely to use their smartphones in more interesting ways, says Curtis Cresta, general manager of F-Secure North America.

"The critical mass of smart device users is changing perceptions of adoption; much as with laptops, there has been a natural evolution with security, and a growing number of enterprises are now coming to us for advice," Cresta says. "For instance, there has previously been a bit of resistance to pushing business applications out to handhelds, and applications companies have even come to us looking for help selling their products, but the market appears to be coming around, and having better security available from the carriers is a significant part of that."

Wireless operators themselves are looking to benefit from the greater emphasis on mobile security, as some are already marketing what they describe as mobile lifecycle management services, which promise to offer end-to-end security capabilities.

Sprint Nextel, for example, offers Sprint Mobility Management. Available for roughly $8 per user, the portfolio includes compliance, data protection, and anti-virus services for handhelds, along with other nonsecurity capabilities.

Sprint executives contend that wireless operators, which have existing relationships with device makers, operating system providers, applications developers, and the like, are best positioned to pull together a comprehensive set of security features and to free user organizations from trying to manage them all on their own.

"Security concerns have slowed down adoption of smartphones in the past, especially with high-sensitivity organizations operating under regulations and compliance concerns," says Stephanie Burnham, product marketing manager at Sprint. "We're trying to recognize these concerns and help organizations get over the obstacles that prevented them from using all the mobile business applications they might otherwise adopt."

Learning from laptops

In addition to researching device capabilities, carrier services, and aftermarket technologies to help protect mobile devices, analysts advise enterprises to look at advanced handhelds in the same way they have come to view laptops and other technologies from a security perspective.

Sam Bhavnani, an analyst at Current Analysis, contends that organizations should take the best practices they have developed for laptops and port them directly into their smartphone adoption plans.

"This all goes back to the migration from desktops to laptops. There are a lot of common sense implications, and people need to be sensible about creating realistic policies that both protect the data on the device and allow users to tap into the potential of the smartphones," Bhavnani says. "Some people are still scared to go there. They know that adopting these devices will open another can of worms, but creating smart policies ahead of time and building on their laptop experience will be the best ways to foster strong mobile security."

In other words, your best bet for a mobile security framework may already be in place.